GrammaTech / ddisasm

A fast and accurate disassembler
https://grammatech.github.io/ddisasm/
GNU Affero General Public License v3.0

remove fake plt/got in windows PE files #65

Open gogo2464 opened 11 months ago

gogo2464 commented 11 months ago

Using masm, we could remove the fake plt/got in Windows PE files. Let's just find and add some dependencies:

An example of masm32 output:

.model flat, stdcall
option casemap:none

      include \masm32\include\windows.inc
      include \masm32\include\user32.inc
      include \masm32\include\kernel32.inc

      includelib \masm32\lib\user32.lib
      includelib \masm32\lib\kernel32.lib

.code

start:
    call    CreateFileA

This could be a good improvement. I need more experience specific to ddisasm programming in order to specifically be assigned to this issue.

aeflores commented 11 months ago

I am not sure what you mean. PE programs don't have PLT or GOT sections; they have an import table (IAT). Are you thinking about removing the EXTERN declarations that we have in PE asm listings?

gogo2464 commented 11 months ago

I was thinking about the disassembled .text section that contains relocation, yes.